Jcarre

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.1 through 18.4.6 GitLab CE/EE versions 18.5 through 18.5.4 GitLab CE/EE versions 18.6 through 18.6.2 **Description** GitLab CE/EE is affected by an issue that allows an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions. **Recommendations** GitLab CE/EE versions 13.1 through 18.4.6 should be updated to a version later than 18.4.6. GitLab CE/EE versions 18.5 through 18.5.4 should be updated to a version later than 18.5.4. GitLab CE/EE versions 18.6 through 18.6.2 should be updated to a version later than 18.6.2.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 11.10 through 18.4.5 GitLab CE/EE versions 18.5 through 18.5.3 GitLab CE/EE versions 18.6 through 18.6.1 **Description** An authenticated user could potentially cause a denial of service by uploading specially crafted images. **Recommendations** Update GitLab CE/EE to version 18.4.6 or later. Update GitLab CE/EE to version 18.5.4 or later. Update GitLab CE/EE to version 18.6.2 or later.